Code Examples – Digital signatures (S/MIME)

Introduction  |  Message Digest  |  Symmetric ciphers  |  RSA  |  ECIES  |  Digital signatures (S/MIME)

Signing and verifying messages: In this section we want to show how to sign messages and verify digital signatures based on certificates. Digital signatures are used to authenticate digital information analogous to ordinary physical signatures on paper, but are implemented using techniques from the field of public-key cryptography. The following code examples should enable you to use digital signing techniques in your custom application. The priniciple shown here is already implemented in many software programs (e.g. Microsoft Outlook) and is used to create messages being conform to the S/MIME standard.

S/MIME (Secure / Multipurpose Internet Mail Extensions) is an extension of the MIME format which is an internet standard for the format of e-mail. In addition to MIME, S/MIME allows the encryption and digital signing of messages.

In this example, we will use the FlexiProvider to create and verify a signature for a message according to the S/MIME procedure. For the code examples, you will need valid certificates. You can download the sample certificates provided here, but you can use or create your own certifcates as well.

Certificate authority (UserCA) with RSA key SHA-1 fingerprint
 UserCA.cer X.509 certificate of UserCA (selfsigned) (stdin)= ff:a8:eb:f4:76:0a:b2:d1:45:b8:ca:21:b1:de:25:89:23:e7:d9:d8
 UserCA.p12 Private .p12-file of UserCA (PKCS #12 format)  
User certificate with RSA key SHA-1 fingerprint
 CertRSA.cer User's X.509 certificate (generated and signed by UserCA) (stdin)= bb:40:00:6a:8c:42:cb:2c:20:d7:2f:64:3c:94:07:de:97:eb:cc:5c
 CertRSA.p12 User's private .p12-file  
User certificate with EC key SHA-1 fingerprint
 CertECDSA.cer User's X.509 certificate (generated and signed by UserCA) (stdin)= ec:14:8c:8c:3c:75:03:55:07:15:18:11:2d:cb:67:0e:07:42:cb:57
 CertECDSA.p12 User's private .p12-file  

X.509 is a standard for public key infrastructure which defines a standard format for public key certificates. It provides the possibility to verify a certificate chain in a given public key infrastructure up to a trusted root (certification authority).

The PKCS #12 format stands for Personal Information Exchange Syntax Standard. It defines a portable format for storing or transporting a user's private keys, certificates, etc. A .p12-fie is usually kept secret.

You can choose between certificates containing RSA keys or EC keys. The code documentation here refers to the ones with RSA keys. However the procedure with the EC certificates is identical. The only difference is that we use an EC key and a signature algorithm working with that kind of key. So the code examples with EC keys are provided for download without further documentation.

For a clearer presentation, the two procedures of signing and verifying are shown in separate parts:

RSA:

ECDSA:

Druckerenglisch deutsche Flagge   Impressum